Key Path Diagnostics
The Key Path Diagnostic test checks all communication paths to ensure that a key can be transmitted
from the encryption key servers to the drive to properly encrypt and decrypt the tape cartridges.
The test consists of two parts. The îš´rst part, the drive test, veriîš´es whether the communication between
library and drive is working properly. This test is run only on the drives that are conîš´gured to library-
managed encryption (LME).
The second part veriîš´es the communication between the library and the encryption key servers. If the
secondary ethernet port is enabled and conîš´gured, the tests are run on both ports separately.
The test consists of four subtests:
• Ping
This test checks if the key server can be reached. If ICMP requests are blocked on the server side, this
test fails as well. Therefore, the following tests are run regardless the result of the ping test.
• SSL/TLS
This test tries to establish a SSL/TLS connection with the key server. If this test fails, the following tests
are skipped because they would also fail. This test is skipped if SSL/TLS is not enabled.
• Key Server Login
This test is run only in combination with a KMIP encryption server since SKLM currently does not
support login. If this test fails, the following Key Retrieval test is skipped because it would also fail.
• Key Retrieval
This test requests a key from the encryption server. For SKLM servers, a key from the key pool is
requested. On other servers, the library acquires a speciîš´c diagnostic key.
IBM Conîš´dential
90IBM TS4300 Tape Library Machine Type 3555: User's Guide
To Next Page
Loading...
Need help?
General
